[Mailman-Developers] Possible yahoogroups problem.
Barry Warsaw
barry at python.org
Thu Jul 10 21:49:40 EDT 2003
On Thu, 2003-07-10 at 15:54, Chuq Von Rospach wrote:
> My worry, of course, is that the e-mail community has had a tendency to
> see mail-back validation as the solution to many problems (and it is,
> just not as globally as some might hope) --- but I don't think the
> community has ever stopped to make sure those techniques were really
> secure in a formal way, or defined what it takes to be secure. the
> existance has been enough...
This is an excellent point, and I think deeper than the hash algorithm
we use. I think we can make the hash generation unbreakable for all
intents and purposes. Much more worrisome to me is the actual protocols
we're using for confirmation.
Case in point: MM2.1 supports the ability to encode the confirmation
string in the envelope sender so all it takes is a reply to confirm.
This is only implemented for a small handful of confirmation scenarios
currently. It's frightening to enable that for e.g. subscription
confirmations because of the widespread presence of broken vacation
programs. E.g. if you know Chuq's vacation program will reply to
Precedence:bulk messages, you just have to wait until he's out of the
office for a few days to mailbomb subscribe him to hundreds of lists.
Not good!
Of course mail-backs tie into opt-in policies and anti-spam policies, as
well as usability issues. Make it hard for people to get on or off the
list and you'll get slammed (e.g. jwz's out-of-date rant :).
> (but then, there are all sorts of attack vectors in mail lists that
> haven't been properly addressed. If I want to mailbomb your inbox into
> a cinder, does it matter whether I subscribe you 50 busy mail lists, or
> simply shove 1,500 "if you want to confirm your subscription..."
> replies in via a forged address? Most servers will happily keep
> resending confirmations without rate limiting, so you don't even need
> to find 1500 lists... Ditto help and info messages, postmaster
> auto-bots, etc, etc... )
Yep, yep, yep. I want Mailman to be a good citizen as much as possible,
while still being usable. It's a darn fine line sometimes. ;)
-Barry
More information about the Mailman-Developers
mailing list